Singapore Police has warned about a new ad scam targeting Google’s search platform users. Cybercriminals are targeting users with fake ads from backs appearing to be legitimate on Google. Victims of such scams have lost around S$450,000 (334191.09 USD) since December 2021.
Singapore Police Force (SPF) has warned on Wednesday that in these phishing attacks, fake ads pop up when users search for contact details of their bank on Google. The ads show up on the top of search results among searches, containing fake contact numbers of banks.
When victims called on these numbers, the cybercriminals would impersonate as bank employees, who would alert victims regarding issues with their bank account or credit cards. Victims are then instructed to transfer their funds to an account number provided by the criminal temporarily to resolve the issue. Victims are also told to make payments for their loans in order to avoid issues.
“Victims would only realise that they had been scammed when they contacted the bank via the authentic hotline to verify the new bank account number or when the bank contacted them to verify the reason for the large sum of money transferred,” said Singapore Police Forece.
SPF also highlighted that some victims received SMS messages spoofing the sender ID of banks. It would make them appear as legitimate messages from the bank. The messages contained information regarding resetting bank account details as part of the country’s effort to combat scams.
Since December 2021, more than 15 people have been victims of this campaign, resulting in a loss of S$495,000, according to SPF.
In the latest advisory from SPF, around 469 customers of OCBC Bank have been victims of these ad scams resulting in the loss of SG$8.5 million. Among this, around S$2.7 million was lost in under three days during the Christmas weekend. As a result, several victims lost their life savings, and the bank has promised to fully restitute the losses to the victims of these scams.
In light of the recent OCBC Bank scams, the Industry regulator Monetary Authority of Singapore (MAS) has introduced some latest security measures that Singapore banks must implement. These include the removal of links from SMS and emails sent to customers. Banks also have to introduce a 12-hour delay when activating mobile tokens.
Banks will also have to establish dedicated customer support teams for dealing with potential cases of scams and fraud involving customers. According to MAS, these new measures will be implemented across all banks within two weeks.
“MAS is also intensifying its scrutiny of major financial institutions’ fraud surveillance mechanisms to ensure they are adequately equipped to deal with the growing threat of online scams,” said Monetary Authority of Singapore.